Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp1827898ybn; Thu, 26 Sep 2019 02:51:34 -0700 (PDT) X-Google-Smtp-Source: APXvYqyXyYlJ7MgoxpsphsuukaKO3INBtNrzPIebGsfL8PSgSvZtqCcapVlVGMeTb96sZXSTbgdm X-Received: by 2002:a50:d949:: with SMTP id u9mr2538076edj.142.1569491494088; Thu, 26 Sep 2019 02:51:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569491494; cv=none; d=google.com; s=arc-20160816; b=sroxu7gsiCUYV/FB5g+KioPxF8GJTEzfBbz/cY9q2MJ4Aqk5CjSHBGwlY7zoEBVZnn vL+XRiXTRug/aDGv9W+3UPj/THxbBOIz2FplzelyVW1KULvL4/PEPw2RvD5CewiRcMxO /bjJp6F1bUZ0T5t7a4dJfnHiv0Csb5Zyu/NpYPflGfxpCjwxM+NxI6druo1psV76qZ46 ISAmZSDbUKkZXvLlQQNq67+60ZKJctj7DC6TVxnOcUH8rjYNbdd2wzP41+1QetLmJ6we OBQvjZAKxTYhRPEPiFyptdN4D4BOfot0LxNEVsxqplfPcPspI67n4ZmAD2FMNFzPh+IH RqXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=1u92IS/2M7xKyOwmT0daCSjUdYPRL1i+1ZYgXkmFLLI=; b=PxcYhysXtT+Ul6DbNNuZ1jqbjDjRuYwijYnNPlXv5y6AMu+A4R7C1XQbajLjQYtZYz UvIaSP6yEvl6+7/3i48wYQFyZntP2XxjjX9WOGTt8QRewQrv25QGr3uTBUZg58W+HS26 aJiyf5q17Yq5f06KZcZARvwwF3f3DvEiiLEs9x8jn8vEudyo++WlDEECn8lLySKuGpSd BjOM/sresEOZHyPLjSOrOnzOMlXpBsaTtr90z56AmHNzUaktQiyCdU3pWhCQNSv2BOuV PZ7zrTQ25MElr1PErqP3usQwdVijrw/dJym04z8BSPayFZ/osNjcvwe+u2jjmiHWDiG+ q4jQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p39si927249eda.416.2019.09.26.02.51.10; Thu, 26 Sep 2019 02:51:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391939AbfIYSEq (ORCPT + 99 others); Wed, 25 Sep 2019 14:04:46 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:41832 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726482AbfIYSEq (ORCPT ); Wed, 25 Sep 2019 14:04:46 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.2 #3 (Red Hat Linux)) id 1iDBe8-0006bq-19; Wed, 25 Sep 2019 18:04:12 +0000 Date: Wed, 25 Sep 2019 19:04:12 +0100 From: Al Viro To: Linus Torvalds Cc: Aleksa Sarai , Ingo Molnar , Peter Zijlstra , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Christian Brauner , Rasmus Villemoes , GNU C Library , Linux API , Linux Kernel Mailing List Subject: Re: [PATCH v1 1/4] lib: introduce copy_struct_from_user() helper Message-ID: <20190925180412.GK26530@ZenIV.linux.org.uk> References: <20190925165915.8135-1-cyphar@cyphar.com> <20190925165915.8135-2-cyphar@cyphar.com> <20190925172049.skm6ohnnxpofdkzv@yavin> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.1 (2019-06-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 25, 2019 at 10:48:31AM -0700, Linus Torvalds wrote: > On Wed, Sep 25, 2019 at 10:21 AM Aleksa Sarai wrote: > > > > Just to make sure I understand, the following diff would this solve the > > problem? If so, I'll apply it, and re-send in a few hours. > > Actually, looking at it more, it's still buggy. > > That final "size smaller than unsigned long" doesn't correctly handle > the case of (say) a single byte in the middle of a 8-byte word. > > So you need to do something like this: > > int is_zeroed_user(const void __user *from, size_t size) > { > unsigned long val, mask, align; > > if (unlikely(!size)) > return true; > > if (!user_access_begin(from, size)) > return -EFAULT; > > align = (uintptr_t) from % sizeof(unsigned long); > from -= align; > size += align; > > mask = ~aligned_byte_mask(align); > > while (size >= sizeof(unsigned long)) { > unsafe_get_user(val, (unsigned long __user *) from, err_fault); > val &= mask; > if (unlikely(val)) > goto done; > mask = ~0ul; > from += sizeof(unsigned long); > size -= sizeof(unsigned long); > } > > if (size) { > /* (@from + @size) is unaligned. */ > unsafe_get_user(val, (unsigned long __user *) from, err_fault); > mask &= aligned_byte_mask(size); > val &= mask; > } IMO it's better to lift reading the first word out of the loop, like this: align = (uintptr_t) from % sizeof(unsigned long); from -= align; unsafe_get_user(val, (unsigned long __user *) from, err_fault); if (align) { size += align; val &= ~aligned_byte_mask(align); } while (size > sizeof(unsigned long)) { if (unlikely(val)) goto done; from += sizeof(unsigned long); size -= sizeof(unsigned long); unsafe_get_user(val, (unsigned long __user *) from, err_fault); } if (size != size(unsigned long)) val &= aligned_byte_mask(size); done: Do you see any problems with that variant?